In the Specification 



Please replace paragraph [0002] with the following amended paragraph: 

[0002] This application claims priority [[on]] of U.S. Provisional Patent Application 

Serial No. 60/409,728 (HAMK 26,177) entitled "System and Method for Security Management 
Decision Analysis," filed September 11, 2002 and US Provisional Patent Application Serial 
Number 60/407,550 (HAMK 26,170) entitled "System and Method for Service Management 
Decision Analysis," filed August 30, 2002. 

Please replace paragraph [0009] with the following amended paragraph: 

[0009] Current security systems and methods exhibit several problems. These problems 

include a lack of process integration, a lack of tool interoperability and a lack of cross domain 
integration. The current systems tend to overemphasize technical countermeasures. They tend 
to underestimate the operational requirements necessary to implement recommended solutions. 
Current system systems tend to ignore or undervalue qualitative data and otherwise don't take 
qualitative or uncertain data into account. They usually lack a life-cycle model for security. 
They typically [[don't]] do not integrate with service management methods. The analytical 
models used in current security system are typically limited to risk metrics. 

Please replace paragraph [0021] with the following amended paragraph: 

[0021] A decision group server 110 may create and access its own super-matrix 106a, 

although in a given decision analysis, the facilitators super-matrix will typically control the 
processes. The decision group server 110 may access one or more databases 114a or other 
information sources. The decision group server may be provided with decision frames 116 as 
well as other decision tools 118. The decision tools 118 may include multi-criteria decision 
analysis (MCDA) 120, including analytical network processing (ANP) 130, bayosian belief 
Bayesian Belief networks (BBN) 122, 6 sigma 124, mean time between failures (MTBF) 126, 
queuing models 128, and any other analytical tool. The specific tools are chosen as appropriate 
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to the specific question given. For example, 6 sigma 124 and MTBF 126 are most appropriate to 
discrete questions and so could be applied where specific discrete questions are raised. 

Please replace paragraph [0043] with the following amended paragraph: 

[0043] Like any complex issue needing resolution, security management needs to be 

broken down into more manageable components and enhanced. An architectural discipline is 
necessary to standardize the approach to instrumenting the process with measurement points and 
tying that to a common security management architecture. [[.]] Managing security requires a set 
of core processes supported by group decision analysis across multiple business and technical 
domains. 

Please replace paragraph [0048] with the following amended paragraph: 

[0048] A system management decision analysis system 100 and process may be 

implemented for designing, optimizing and managing any system process process. The 
principles of the preferred embodiment however are not limited to IT Security management and 
can be applied to nearly all disciplines including service management, resource management, 
asset management, physical security, governmental and military security, corporate security and 
other areas. 

Please replace paragraph [0057] with the following amended paragraph: 

[0057] The security management decision analysis system 100 including the facilitator 

102 and the decision groups 110 use a combination of multi-criteria decision analysis 120 and 
Bayesian Belief networks (BBN) 122 to represent a network of decision criteria. This 
combination of analytical techniques facilitates complex representation and adaptive 
combinations of empirical and or subjective and or uncertain data and related models. The 
decision analysis system 100 handles multi-criteria decision forward and feedback analysis, 
conflicting objectives, subjective judgements judgments and uncertain data. Moreover the 
decision analysis system 100 facilitates a systematic and adaptable group and or individual 
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decision making process to prioritize, recommend and monitor specific actions. 

Please replace paragraph [0070] with the following amended paragraph: 

[0070] The decision analysis system 100 calculates values, within some probability 

bounds in the case of the uncertain criteria, for each criterion for a given action. This allows the 
decision analysis system 100 to apply Analytical Network Process 130 techniques to combine 
the values for a given action and then to rank the set of actions. In the case of the uncertain 
criteria the decision analysis system 100 , analysis system 100, for example, may apply values 
for "most likely' as well as the upper and lower bounds. If the result of the analysis produces a 
unique "best' action action, which satisfies all of the defined constraints constraints, then a final 
decision recommendation is generated. If not, the decision analysis system 100 relaxes various 
constraints or introduce introduces new actions before beginning the process again for an 
additional round of analysis. 
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